FPGA implementation of an improved attack against the DECT standard cipher

The DECT Standard Cipher (DSC) is a proprietary stream cipher used for enciphering payload of DECT transmissions such as cordless telephone calls. The algorithm was kept secret, but a team of cryptologists reverse-engineered it and published a way to reduce the key space when enough known keystreams are available [4]. The attack consists of two phases: At first, the keystreams are analyzed to build up an underdetermined linear equation system. In the second phase, a brute-force attack is performed where the equation system limits the number of potentially valid keys. In this paper, we present an improved variant of the first phase of the attack as well as an optimized FPGA implementation of the second phase, which can be used with our improved variant or with the original attack. Our improvement to the first phase of the attack is able to more than double the success probability of the attack, depending of the number of available keystreams. Our FPGA implementation of t he second phase of the attack is currently the most cost-efficient way to execute the second phase of the attack.